← back
CVE-2011-4288

CVE-2011-4288

EPSS 1.7%
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=79c6e3a0968ee1fedcf8a1f14f8086fcd9dbd3f6http://moodle.org/mod/forum/discuss.php?d=175590http://openwall.com/lists/oss-security/2011/11/14/1